In 2020, COVID-19 impacted the security of virtually every industry and increased cybercrime around remote working environments, education and healthcare. Despite the disruption it has caused, cybersecurity still remains a top priority for SMBs. With the new year now under way, Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise, argues that we are presented with a golden opportunity to discuss the growing importance of cybersecurity within the managed service provider (MSP) community.
Last year, COVID-19 forced organisations in every industry sector to shift to remote working at speed. Unfortunately, cybercriminals were quick to seize on the opportunities created by the accelerated mass move to digital platforms. The second quarter of 2020 saw DDoS attacks jump 217% year-on-year, but it was ransomware that posed the greatest malware threat to small and medium-sized businesses (SMBs).
SMBs have long been in the sights of cybercriminals; even prior to COVID-19, SMBs faced more than 10,000 cyberattacks every day. Having embraced new technologies that would enable them to counter the disruptive impact of COVID-19, many SMBs now plan to forge ahead with their Digital Transformation agenda. But, as the findings of our recently released SMB cybersecurity report show, their growing reliance on digital technologies means that achieving enhanced cyber readiness and resilience is now a top priority for SMBs.
This represents a significant opportunity for managed service providers (MSPs), who will need to up their game to deliver the robust cybersecurity services that SMB customers will be looking for.
Great expectations: Top SMB trends
Our report found that 86% of SMBs have cybersecurity within their organisation’s top five priorities. Acutely aware of the critical role that cybersecurity plays in protecting their organisation, 74% of SMBs are planning to invest more or much more in cybersecurity in the next 12 months.
When it comes to evaluating their cyber capabilities, SMBs recognise they lack the internal resources or capabilities needed to stay one step ahead of threat actors. Over half (52%) say they do not have the in-house skills to deal appropriately with security issues and only 41% have specific cybersecurity experts working within their organisation.
All of which explains why 62% of SMBs view increased security as a key benefit of working with an MSP. Indeed, 59% predict that all or the majority of their cybersecurity activities will be outsourced in the next five years.
But while SMBs are clearly eager to pursue a cybersecurity agenda, MSPs appear to be slow at coming forward on the topic. Just 13% of SMBs say they regularly have cybersecurity related conversations with their MSP, and 38% of say these conversations are often only triggered by a quarterly review event. More worryingly, 29% only talk to their MSP about cybersecurity after they have suffered an incident.
The message here is clear: MSPs will need to get more proactive when it comes to initiating conversations about cybersecurity. Especially as 91% of SMBs say they would consider moving to a new MSP if these providers had the ‘right’ cybersecurity offering.
Seizing the opportunity: closing the cybersecurity skills gap
To make the most of opportunities on the horizon, MSPs will need to demonstrate their capabilities are matched to the evolving needs of existing – and new – clients.
Digital Transformation changes the rules of the game where security is concerned and SMBs are eager to work with organisations that can take care of their biggest security concerns. Indeed, while remote work may be a new frontier for SMBs, many predict that, on average, 33% of their workforce will be fully remote in 12 months’ time – presenting a new opportunity for MSPs.
Protecting remote devices and employees being breached is just the start. Asked about the top capabilities they now expect from a managed service provider, SMBs based in the UK identified having the ability to respond to security incidents (63%) and minimising potential damage and loss to their business (59%) as key requirements.
With more and more clients looking for more cybersecurity support from their MSP partners, MSPs will need to stay on top of cybertrends and evolve fully fledged suites of solutions that can be tailored to the specific needs of individual customers. But that’s just part of what is needed to build the lasting trust of clients and bolster their cyber preparedness.
SMBs also need continual education on cyber hygiene, policy reinforcement and best cybersecurity practice. Those MSPs that participate in ongoing cyber training will be best positioned to strike the right balance between people, processes and cybersecurity technology that will be needed to instil confidence with their clients, keep them protected – and successfully grow their cybersecurity practice.
Moving ahead with confidence
Our study, conducted with 700 IT and business decision makers in the US, UK, Canada, Australia and New Zealand, found that over three quarters of SMBs are worried they will be the target of an attack in the next six months. As a result, the majority are planning further investments in the next year to reduce risk.
With nine out of 10 SMBs prepared to use an MSP, or switch MSP, to find the right cybersecurity solution, the message is clear. MSPs will need to raise their understanding across the entire cybersecurity discipline – from technical and customer service capabilities to training, automation and the ability to oversee a constantly expanding attack surface. Because today’s worldly-wise SMBs are looking beyond the tools contained within an MSPs offering to consider other critical elements – an MSPs ability, expertise and trust factor.
Those MSPs that successfully raise their game will be strongly positioned to capitalise on a post-pandemic recovery and better support customers through the evolving cybersecurity challenges that lie ahead.
Click below to share this article